<?php
$loginError = "";

if(isset($_POST["submit"]))
{

	$email = $_POST["email"];
	$password = $_POST["password"];
	
	if($email && $password)
	{
		$email = mysql_real_escape_string($email);
		$password = mysql_real_escape_string(md5($password));
		
		$selectEmail = mysql_query("SELECT email FROM Users WHERE Email = '{$email}'") or die(mysql_error());
					
		if(mysql_numrows($selectEmail) > 0)
		{
			//email exsits - now check if password matches
			$selectPassword = mysql_query("SELECT password, active FROM Users WHERE email = '{$email}'") or die(mysql_error());
			$row = mysql_fetch_assoc($selectPassword);
			$dbPassword = $row["password"];
			$active = $row["active"];		
					
			if($dbPassword == $password)
			{
			
				if($active == "1")
				{
					//get userID of the user logging in
					$selectUserID = mysql_query("SELECT ID, activationCode FROM Users WHERE email = '{$email}'") or die(mysql_error());
					$row = mysql_fetch_assoc($selectUserID);
					$userID = $row["ID"];
					$activationCode = $row["activationCode"];
						
					//create a session for the user
					$_SESSION["userID"] = $userID;
					
					//set cookie if remember was checked
					if(isset($_POST["remember"]))
					{
						setCookie("ac", $activationCode, time() + 2629743, "/"); // remember for one month
					}	
								
					//die(''.ReturnValues::Success);
					header("Location:/profile/@".Username($userID));
				}
				else
				{
					//die(''.ReturnValues::NotActive);
					$loginError = "You need to activate your account. Click <a href='#'>HERE</a> for help.";
				}
			}
			else
			{
				//die(''.ReturnValues::WrongPassword);
				$loginError = "Incorrect Email/Password Combination.";
			}
		}
		else
		{
			//die(''.ReturnValues::NoUser);
			$loginError = "Incorrect Email/Password Combination.";
		}
	
	}
	else
	{
		$loginError = "Please fill in all fields.";
	}
	
}
?>